View Single Post
  #4   (View Single Post)  
Old 17th October 2008
Mr-Biscuit Mr-Biscuit is offline
Banned
 
Join Date: May 2008
Posts: 272
Default

The first problem I was shown with the vbox was the kbuild system. A good list of binaries it changes permissions. The second problem was that it won't run on amd64. A debian user posted his output and the answer basically was, "Sorry, can't handle it." (He was trying to run a 32bit system with a host that had a 64bit environment. Since vbox needs 32bit libraries to run, it hasn't been ported yet. I had the exact same problem as he did when trying to build it on FreeBSD amd64 release 7. If two different OS's with the same architecture have the same build errors, your application hasn't been ported. This will cause a problem in future releases.) Third problem was shown on an Arch Linux wiki when a developer stated that a security hole is opened up when you give permissions to a possible unsecured source for a USB device. I remembered the flash exploit, the instability of IE, and the fact that Windows has no real user control. Now take all of that plus that Linux allows any user access to root.

The exploit is easy to setup.

In fact, any exploit which allows access to a device can be passed to the host. I call these "tunnel exploits."
Security holes are not patched by the developers nor are they using the FreeBSD stable release to build.

Another problem that was pointed out to me by a FreeBSD hacker is that some of the newer parts of kbuild are similar to FreeBSD make. Code stealing, hmm? License breaking, hmm? Wasn't there something recently about DeRaadt and the GPL and now this?

Last edited by Mr-Biscuit; 17th October 2008 at 11:16 AM.
Reply With Quote